How to configure MikroTik - Initial Configuration

In this article you will learn how to quickly set up MikroTik RouterOS in a simple configuration that suits many small offices, home networks, etc.

As an example, we have an Internet access channel and a local area network of 5 computers, 1 of which is a server. Ordinary users must be allowed out via the standard protocols (http, https, icq, jabber, ftp), the system administrator's workstation gets full access to the network, and the e-mail, ftp and web servers must be reachable.

LAN IP addresses:

Mikrotik - 192.168.0.1

PC 5 - 192.168.0.2

PC 4 - 192.168.0.10

PC 1 - 192.168.0.20

PC 2 - 192.168.0.21

PC 3 - 192.168.0.22

The provider may give you either a white (public) or a gray (private) IP address; in our example it is a gray address somewhere in the provider's local network.

Step 1. Connect to the router locally through the console. To protect the “admin” account from being broken into, we will disable it and create a new user instead.

Step 2. Interface configuration.

[mkt@MikroTik] > setup
Setup uses Safe Mode. It means that all changes that are made during setup are reverted in case of error, or if Ctrl-C is used to abort setup. To keep changes exit setup using the 'x' key.
[Safe Mode taken]
Choose options by pressing one of the letters in the left column, before dash. Pressing 'x' will exit current menu, pressing Enter key will select the entry that is marked by an '*'. You can abort setup at any time by pressing Ctrl-C.
Entries marked by '+' are already configured.
Entries marked by '-' cannot be used yet.
Entries marked by 'X' cannot be used without installing additional packages.
  r - reset all router configuration
+ l - load interface driver
+ a - configure ip address and gateway
  d - setup dhcp client
* s - setup dhcp server
  p - setup pppoe client
  t - setup pptp client
  x - exit menu
your choice [press Enter to setup dhcp server]:

Press a; in the menu that appears press a again, type in the name of the first interface, and specify its IP address.

From here you could continue changing settings in the graphical shell “winbox”, but since we started with the console, we will go all the way through with it, and then repeat everything from step 3 onward in the graphical interface.

If we are talking about the absolute minimum and simplicity, this was it. What actions were taken?

Two interfaces, ether1 and ether2, were enabled.

IP addresses were assigned to the interfaces.

The default gateway was set.

The DNS server was specified.

Rules were written for machines with unlimited access.

Rules were written for machines with access limited to certain ports.

NAT rules were written for access from the outside to the web and mail servers.

Now let's go back to step 3 and do the same steps in the graphical environment “winbox”. To get it, open your MikroTik web interface, called “webbox”, and download the program from the home page.

Launch it and specify the local network address that was assigned to the second interface, along with the user name and password that were created at the beginning.

Step 3. DNS configuration.

The GUI is not much more complicated than the console. In the main menu select the “IP” section and then the “DNS” submenu.

Here you can define static DNS entries, as well as view what is currently in the cache. Click on the “Settings” button and specify the DNS server addresses.

Step 4. Setting up access to the Internet.

Turn on masquerading. In the main menu select “IP”, then the “Firewall” submenu, “NAT” tab.

To add a new entry click on the plus sign. Everything else is the same as in the console: on the “General” tab set chain = srcnat and “Out interface = ether2”, and tick the check box next to it, which means NOT (negation); then open the “Action” tab and select “masquerade”.

In the main menu select the “IP” section, then “Firewall”, and in the window that appears select the “Filter Rules” tab. To add a new rule click on the plus sign.

Allow UDP

Allow outgoing connections from the address 192.168.0.2 to any address on destination port 25, using the tcp protocol.

Finally, forbid everything else that was not allowed above.

Step 5. Incoming connections.

In the main menu select the “IP” section, then “Firewall”, and in the window that appears select the “Filter Rules” tab. To add a new rule click on the plus sign.

Redirect all tcp connections arriving at the external address 192.168.1.116 on port 25 to the local address 192.168.0.2, port 25.

All the other rules are built on the same principle.
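
The console equivalent of steps 1, 4 and 5, as an added example that is not part of the original article. It assumes ether1 is the WAN interface holding 192.168.1.116, ether2 is the LAN, 192.168.0.10 is the administrator's workstation, 192.168.0.20-192.168.0.22 are ordinary users, and 192.168.0.2 also hosts the web server; the password is a placeholder.

```routeros
# Added example, not from the original article. Assumed roles: ether1 = WAN,
# ether2 = LAN, 192.168.0.10 = admin workstation, .20-.22 = ordinary users,
# 192.168.0.2 = mail (and, assumed, web) server.

# Step 1: create a replacement full-rights user. Log in as "mkt" and confirm
# it works BEFORE disabling "admin", otherwise you can lock yourself out.
/user add name=mkt group=full password="CHANGE-ME-long-random-passphrase"
/user disable admin

# Step 4: masquerade traffic leaving through any interface except the LAN one
# (the "!" is the negation check box in winbox).
/ip firewall nat add chain=srcnat out-interface=!ether2 action=masquerade

# Step 5: publish the server's ports on the external address.
/ip firewall nat add chain=dstnat dst-address=192.168.1.116 protocol=tcp dst-port=25 action=dst-nat to-addresses=192.168.0.2 to-ports=25
/ip firewall nat add chain=dstnat dst-address=192.168.1.116 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.2 to-ports=80

# Filter rules are evaluated top to bottom and the first match wins,
# so the final drop only catches what nothing above has accepted.
/ip firewall filter
add chain=forward connection-state=established action=accept comment="replies to allowed traffic"
add chain=forward connection-state=related action=accept comment="e.g. ftp data channels"
add chain=forward connection-state=invalid action=drop
add chain=forward src-address=192.168.0.10 action=accept comment="admin: unrestricted"
add chain=forward src-address=192.168.0.20-192.168.0.22 protocol=tcp dst-port=80,443,21,5190,5222 action=accept comment="users: http, https, ftp, icq, jabber"
add chain=forward src-address=192.168.0.0/24 protocol=udp action=accept comment="Allow UDP; narrow to dst-port=53 if only DNS is needed"
add chain=forward src-address=192.168.0.2 protocol=tcp dst-port=25 action=accept comment="server: outgoing SMTP"
add chain=forward in-interface=ether1 dst-address=192.168.0.2 protocol=tcp dst-port=25,80 action=accept comment="inbound to published services"
add chain=forward action=drop comment="forbid everything else"
```

The inbound accept rule matches on 192.168.0.2 rather than 192.168.1.116 because dst-nat rewrites the destination before the forward chain sees the packet.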

From the above it is clear that any action can be performed in at least two ways: talking to MikroTik with text commands, or with the mouse in the GUI. Both methods have their pros and cons.

The console works faster even over a very slow link, whereas the graphical shell downloads its interface modules before it even starts and then generates a lot of traffic while it runs.

Working with the console is definitely hard, but once you understand the commands and the principle of operation, it matters much less which interface you use for configuration.